On Wed, Aug 29, 2007 at 03:50:05PM +0200, Eugen Leitl wrote:

> (it's a transparent bridge, with no rules defined but the default
> pass-through-everything rule).
> 
> The hoster advised doing an mtr, which I will do once the host
> drops offline again.

I've verified it's the firewall. I could ping the host from within
the firewall even while it was not accessible outside. I was able
to temporarily restore connectivity by disabling the port leading
to the WAN NIC, and reenabling it again. Connectivity was regained,
but lost shortly thereafter. After a while, the connectivity was
regained spontaneously.

Here's the setup from the firewall:

# ifconfig -a
vr0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
        inet6 fe80::240:63ff:fed9:a718%vr0 prefixlen 64 scopeid 0x1 
        inet 10.0.0.6 netmask 0xffffff00 broadcast 10.0.0.255
        ether 00:40:63:d9:a7:18
        media: Ethernet autoselect (100baseTX <full-duplex>)
        status: active
vr1: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
        inet6 fe80::240:63ff:fed9:a736%vr1 prefixlen 64 scopeid 0x2 
        inet 85.10.225.6 netmask 0xffffff00 broadcast 85.10.225.255
        ether 00:40:63:d9:a7:36
        media: Ethernet autoselect (100baseTX <full-duplex>)
        status: active
pfsync0: flags=41<UP,RUNNING> mtu 2020
        pfsync: syncdev: lo0 syncpeer: 224.0.0.240 maxupd: 128
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
        inet 127.0.0.1 netmask 0xff000000 
        inet6 ::1 prefixlen 128 
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x4 
pflog0: flags=100<PROMISC> mtu 33208
enc0: flags=41<UP,RUNNING> mtu 1536
bridge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        ether 06:b1:b4:39:d2:42
        priority 32768 hellotime 2 fwddelay 15 maxage 20
        member: vr1 flags=7<LEARNING,DISCOVER,STP>
                port 2 priority 128 path cost 55 forwarding
        member: vr0 flags=7<LEARNING,DISCOVER,STP>
                port 1 priority 128 path cost 55 forwarding

Ah, at least something in dmesg:

arp: 85.10.225.1 is on vr1 but got reply from 00:02:85:1a:e2:e0 on vr0
arp: 85.10.225.1 is on vr1 but got reply from 00:02:85:1a:e2:e0 on vr0
arp: 85.10.225.1 is on vr1 but got reply from 00:02:85:1a:e2:e0 on vr0
arp: 85.10.225.1 is on vr1 but got reply from 00:02:85:1a:e2:e0 on vr0
arp: 85.10.225.1 is on vr1 but got reply from 00:02:85:1a:e2:e0 on vr0
arp: 85.10.225.1 is on vr1 but got reply from 00:02:85:1a:e2:e0 on vr0
bridge0: Ethernet address: 06:b1:b4:39:d2:42
vr0: promiscuous mode enabled
vr1: promiscuous mode enabled
arp: 00:40:63:d9:a7:36 attempts to modify permanent entry for 10.0.0.6 on vr0
pflog0: promiscuous mode disabled
pflog0: promiscuous mode enabled
tcp_output: inc sockbuf, old 66240, new 74432, sb_cc 60444, snd_wnd 54656, sendwnd 53340
vr1: link state changed to DOWN
vr1: link state changed to UP
arp: 85.10.225.5 moved from 00:40:63:d9:a7:c1 to 00:40:63:d9:a7:e9 on vr1
arp: 85.10.225.5 moved from 00:40:63:d9:a7:e9 to 00:40:63:d9:a7:c1 on vr1
pflog0: promiscuous mode disabled
pflog0: promiscuous mode enabled
pflog0: promiscuous mode disabled
pflog0: promiscuous mode enabled
vr1: link state changed to DOWN
vr1: link state changed to UP
vr1: link state changed to DOWN
vr1: link state changed to UP
vr1: link state changed to DOWN
vr1: link state changed to UP
vr1: link state changed to DOWN
vr1: link state changed to UP
vr1: link state changed to DOWN
vr1: link state changed to UP


-- 
Eugen* Leitl <a href="http://leitl.org";>leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE
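
An added example, not part of the original message: a Python triage pass over kernel messages of the kind quoted above. It counts ARP replies that arrive on a different bridge member than the one the address is on, ARP entries that flip between MACs, attempts to overwrite a permanent entry, and link-down events. The sample lines are an excerpt of the dmesg output in the post; `triage` and the report keys are hypothetical names.

```python
import re
from collections import Counter, defaultdict

# Excerpt of the dmesg output quoted in the message above.
DMESG = """\
arp: 85.10.225.1 is on vr1 but got reply from 00:02:85:1a:e2:e0 on vr0
arp: 85.10.225.1 is on vr1 but got reply from 00:02:85:1a:e2:e0 on vr0
arp: 00:40:63:d9:a7:36 attempts to modify permanent entry for 10.0.0.6 on vr0
vr1: link state changed to DOWN
vr1: link state changed to UP
arp: 85.10.225.5 moved from 00:40:63:d9:a7:c1 to 00:40:63:d9:a7:e9 on vr1
arp: 85.10.225.5 moved from 00:40:63:d9:a7:e9 to 00:40:63:d9:a7:c1 on vr1
vr1: link state changed to DOWN
vr1: link state changed to UP
"""

MAC = r"(?:[0-9a-f]{2}:){5}[0-9a-f]{2}"
WRONG_IF = re.compile(rf"^arp: (\S+) is on (\S+) but got reply from ({MAC}) on (\S+)$")
MOVED = re.compile(rf"^arp: (\S+) moved from ({MAC}) to ({MAC}) on (\S+)$")
PERMANENT = re.compile(rf"^arp: ({MAC}) attempts to modify permanent entry for (\S+) on (\S+)$")
LINK = re.compile(r"^(\S+): link state changed to (UP|DOWN)$")

def triage(text):
    """Summarise layer-2 anomalies in FreeBSD-style kernel messages."""
    report = {
        "wrong_interface": Counter(),  # (ip, expected_if, mac, seen_if) -> count
        "mac_flipflop": [],            # IPs whose ARP entry returned to an earlier MAC
        "permanent_conflict": [],      # (mac, ip, iface)
        "link_down": Counter(),        # iface -> number of DOWN transitions
    }
    history = defaultdict(list)        # ip -> sequence of MACs recorded for it
    for line in text.splitlines():
        line = line.strip()
        if m := WRONG_IF.match(line):
            report["wrong_interface"][m.groups()] += 1
        elif m := MOVED.match(line):
            ip, old, new, _ = m.groups()
            if not history[ip]:
                history[ip].append(old)
            history[ip].append(new)
        elif m := PERMANENT.match(line):
            report["permanent_conflict"].append(m.groups())
        elif (m := LINK.match(line)) and m.group(2) == "DOWN":
            report["link_down"][m.group(1)] += 1
    # A MAC that reappears after being replaced: the entry is oscillating.
    report["mac_flipflop"] = [ip for ip, macs in history.items()
                              if len(macs) > len(set(macs))]
    return report
```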
